<!doctype html> <html lang="en"> <head> <script> var script = document.createElement('script'); // Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security. // We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files. script.setAttribute('src', document.referrer + 'iframe_api.js'); document.head.appendChild(script); </script> </head> <body> <button id="sendchat">Send chat message</button> <script> document.getElementById('sendchat').onclick = () => { WA.chat.sendChatMessage('Hello world!', 'Mr ROBOT'); } </script> <div id="chatSent"></div> <script> window.addEventListener('load', () => { WA.chat.onChatMessage((message => { const chatDiv = document.createElement('p'); chatDiv.innerText = message; document.getElementById('chatSent').append(chatDiv); })); }) </script> </body> </html>